Virtual LAN VLAN

Source: Internet
Author: User

The concept of VLANs

In traditional switched Ethernet, all users are in the same broadcast domain. As the network grows, the number of broadcast packets increases significantly, and when broadcasts reach 30% of total traffic, transmission efficiency drops noticeably. This is especially true when a network device fails and keeps sending broadcasts to the network, which leads to a broadcast storm. In a production environment, keeping everyone in a single broadcast domain also greatly reduces network security for sensitive departments and raises the likelihood of attacks from inside the LAN. VLANs split the broadcast domain. Computers in different broadcast domains cannot communicate directly; communication between them requires single-arm routing (router-on-a-stick) or Layer 3 switching.

The broadcast domain can be divided in two ways:

Physical separation: physically divide the network into several small networks, then connect the different networks with a routing device that can isolate broadcasts so that they can communicate.

Logical separation: logically divide the network into several small virtual networks, that is, VLANs (virtual local area networks). VLANs work at the data link layer of the OSI reference model. A VLAN is a switched network in which all users are in the same broadcast domain, and VLANs communicate with each other through a routing device.

Benefits of using VLAN technology :

1. Controlling the broadcast

2. Enhance network security

3. Simplify network management

Types of VLANs: static VLANs and dynamic VLANs.

Range of static VLANs: Cisco switches can support up to 4,096 VLANs. The number supported varies by model.

The role of trunk

If the same VLAN on two switches needs to communicate, in theory we would need to run a separate cable between the switches for each VLAN.

So can we connect the switches with a single line instead? That is the trunk (trunk link).

The function of a trunk is to enable the same VLAN to communicate across switches.

In a switched network, there are two types of links: access links and trunk links.

Access link: usually belongs to one VLAN. The link between a host and a switch is an access link.

Trunk link: can carry multiple VLANs. The link between two switches is a trunk link. A trunk link is typically used to connect a switch to other switches, or to connect a switch to a router.

Trunk mode


Different port modes, different results


VLAN identification

How does a trunk link work? Very simply: frames from different VLANs are tagged for transmission.

1. ISL (Inter-Switch Link)

ISL is Cisco's proprietary tagging method. The ISL header encapsulation is 26 bytes and the CRC (cyclic redundancy check) trailer is four bytes, for a total of 30 bytes.

ISL simply encapsulates the frame without modifying any of its contents.

2. IEEE 802.1Q

802.1Q is a public tagging method that other vendors' products also support. Whichever tagging method is used, the devices at both ends of the link must use the same one.

802.1Q uses an internal tagging mechanism. The trunking device inserts a four-byte tag into the data frame and recalculates the FCS.

This four-byte tag header contains the following:

The 2-byte Tag Protocol Identifier (TPID) contains the fixed value 0x8100, which indicates that the frame carries 802.1Q tag information.

The 2-byte tag control information (TCI) contains the following elements:

3-bit user priority: 802.1q does not use this field.

1-bit canonical format identifier (CFI): CFI is commonly used for Ethernet and Token Ring networks. In Ethernet, the value of CFI is typically set to 0.

12-bit VLAN identifier (VLAN ID): This field uniquely identifies the VLAN to which the frame belongs. The VLAN ID can identify 4,096 VLANs, but VLAN 0 and VLAN 4095 are reserved.
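
The tag layout described above can be exercised directly. The following Python sketch is an added example, not code from the original article: it inserts a 4-byte 802.1Q tag into a constructed untagged frame, recalculates the FCS, and parses the tag back out. The sample frame and the function names are assumptions made for illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100          # fixed TPID value for an 802.1Q tag
RESERVED_VIDS = (0, 4095)    # VLAN IDs the article lists as reserved


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, sent least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def insert_tag(frame: bytes, vid: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert a 4-byte tag after the two MAC addresses and recalculate the FCS.

    `frame` is a complete untagged frame, including its 4-byte FCS.
    """
    if not 0 <= vid <= 0xFFF or not 0 <= priority <= 7 or cfi not in (0, 1):
        raise ValueError("field out of range")
    body = frame[:-4]                               # drop the old FCS
    tci = (priority << 13) | (cfi << 12) | vid      # 3 + 1 + 12 bits
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def parse_tag(frame: bytes):
    """Return the tag fields, or None if the frame is untagged
    (as native VLAN frames are on a trunk link)."""
    if len(frame) < 18:                             # 14-byte header + FCS
        raise ValueError("frame too short")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    vid = tci & 0x0FFF
    return {
        "priority": tci >> 13,
        "cfi": (tci >> 12) & 1,
        "vid": vid,
        "reserved_vid": vid in RESERVED_VIDS,
        "fcs_ok": frame[-4:] == fcs(frame[:-4]),
    }


# Constructed sample: broadcast IPv4 frame with a 46-byte zero payload.
_HEADER = bytes.fromhex("ffffffffffff" "020000000001" "0800")
UNTAGGED = _HEADER + bytes(46)
UNTAGGED += fcs(UNTAGGED)

if __name__ == "__main__":
    tagged = insert_tag(UNTAGGED, vid=3)
    print(len(UNTAGGED), len(tagged), parse_tag(tagged))
```

A frame whose VLAN ID is changed without recalculating the FCS parses with `fcs_ok` set to False, which is why the tagging device must recompute it.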

3. Native VLAN

802.1Q was designed to be compatible with mixed deployments that include switches without VLAN support, so it defines a native VLAN, which allows the switch to forward untagged frames on a trunk port. On Cisco Catalyst switches, the default native VLAN is VLAN 1, but this can be configured. Frames belonging to the native VLAN are not tagged on the trunk link.

For trunk ports between two devices, the same native VLAN configuration is required on both sides of the link.

Note: The native VLAN is an 802.1Q concept. There is no native VLAN in ISL; that is, ISL tags all data frames on the trunk link.

What is EtherChannel (Ethernet channel)

EtherChannel increases link bandwidth by bundling multiple Ethernet links: it runs a mechanism that binds multiple network ports into a single logical link. An Ethernet channel can bundle up to 8 physical links, which can be twisted-pair or fiber connections.

However, an Ethernet channel must follow these rules:

The ports that participate in the bundle must belong to the same VLAN. In trunk mode, all ports participating in the bundle must be in trunk mode, and the same allowed VLAN range must be configured on all of them. If the allowed VLAN ranges of the trunks in the channel differ, a trunk port that does not allow a given VLAN discards that VLAN's packets, while a port that allows it transmits them.

If the ports are configured as trunks, all ports in the channel should be configured with the same trunk mode at both ends of the link.

The physical parameters of all ports participating in the bundle must be the same: they should have the same speed and the same full/half duplex settings.

Experiment and configuration:

XXX Company's number of employees has reached 100 people, its network equipment. The current network environment produces many broadcasts, is slow, and is not secure. The company wants to divide the network by department and guarantee a degree of network security.

The network plan is as follows:

PC1 and PC3 are in the finance department and belong to VLAN 2, named Caiwu. Their IP addresses are 192.168.0.2/24 and 192.168.0.3/24.

PC2 and PC5 are in the sales department and belong to VLAN 3, named Xiaoshou. Their IP addresses are 192.168.1.2/24 and 192.168.1.3/24.

PC4 and PC6 are in the production department and belong to VLAN 4, named Shengchan. Their IP addresses are 192.168.2.2/24 and 192.168.2.3/24.

The links between the three switches are trunks. The switch management IP addresses are configured on VLAN 1: SW1, SW2 and SW3 use 192.168.100.1/24, 192.168.100.2/24 and 192.168.100.3/24, respectively.

Specific steps:

1. On SW1, create VLAN 2, named Caiwu, and VLAN 3, named Xiaoshou.

2. On SW2, create VLAN 2, named Caiwu, and VLAN 4, named Shengchan.

3. On SW3, create VLAN 3, named Xiaoshou, and VLAN 4, named Shengchan.

4. On SW1, add interface F0/1 to VLAN 2 and interface F0/2 to VLAN 3.

5. On SW2, add interface F0/1 to VLAN 2 and interface F0/2 to VLAN 4.

6. On SW3, add interface F0/1 to VLAN 3 and interface F0/2 to VLAN 4.

7. On SW1, configure an IP address for VLAN 1.

8. Change the SW1 F0/14 interface to trunk mode.

9. Enable SW1 interfaces F0/1 through F0/14 (this step is required in the simulator but not on a real device).

10. On SW2, configure an IP address for VLAN 1.

11. Change the SW2 F0/14 and F0/15 interfaces to trunk interfaces.

12. Enable SW2 interfaces F0/1 through F0/15 (this step is required in the simulator but not on a real device).

13. On SW3, configure an IP address for VLAN 1.

14. Change the SW3 F0/15 interface to a trunk interface.

15. Enable SW3 interfaces F0/1 through F0/15 (this step is required in the simulator but not on a real device).

16. Configure the PC IP addresses: PC1 192.168.0.2/24, PC2 192.168.1.2/24, PC3 192.168.0.3/24, PC4 192.168.2.2/24, PC5 192.168.1.3/24, PC6 192.168.2.3/24.

17. At this point, when hosts on the same network segment ping each other, only PC2 and PC5 cannot reach each other. PC1 and PC3 can ping each other, and so can PC4 and PC6.

18. This is because the interfaces connecting PC2 and PC5 belong to VLAN 3, and VLAN 3 has not been created on SW2, so the data cannot be forwarded. Creating VLAN 3 on SW2 resolves this.

19. Have PC2 ping PC5 again; the two can now communicate.
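
The failure in steps 17 to 19 can be reproduced offline. The following Python sketch is an added example, not part of the original article: it models the lab's three switches and reports same-VLAN host pairs whose path crosses a switch on which the VLAN does not exist. The SW1-SW2-SW3 chain and the host-to-switch attachment are inferred from the trunk and access-port steps above, and every trunk is assumed to allow all VLANs.

```python
from collections import deque

# Lab state after step 16 (topology inferred from the steps; see lead-in).
LINKS = [("SW1", "SW2"), ("SW2", "SW3")]
VLANS = {"SW1": {1, 2, 3}, "SW2": {1, 2, 4}, "SW3": {1, 3, 4}}
HOSTS = {  # host -> (access switch, access VLAN)
    "PC1": ("SW1", 2), "PC2": ("SW1", 3), "PC3": ("SW2", 2),
    "PC4": ("SW2", 4), "PC5": ("SW3", 3), "PC6": ("SW3", 4),
}


def switch_path(links, src, dst, usable=None):
    """Breadth-first path between two switches.

    If `usable` is given, only switches in that set may be traversed.
    Returns the list of switches on the path, or None if there is none.
    """
    def ok(sw):
        return usable is None or sw in usable

    if not (ok(src) and ok(dst)):
        return None
    adjacent = {}
    for a, b in links:
        adjacent.setdefault(a, []).append(b)
        adjacent.setdefault(b, []).append(a)
    previous = {src: None}
    queue = deque([src])
    while queue:
        sw = queue.popleft()
        if sw == dst:
            path = []
            while sw is not None:
                path.append(sw)
                sw = previous[sw]
            return path[::-1]
        for nxt in adjacent.get(sw, []):
            if nxt not in previous and ok(nxt):
                previous[nxt] = sw
                queue.append(nxt)
    return None


def audit(links, vlans, hosts):
    """Return (host_a, host_b, vlan, switches_missing_the_vlan) for every
    same-VLAN host pair that cannot reach each other at Layer 2."""
    findings = []
    names = sorted(hosts)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            (sw_a, vlan_a), (sw_b, vlan_b) = hosts[a], hosts[b]
            if vlan_a != vlan_b:
                continue
            carrying = {sw for sw, ids in vlans.items() if vlan_a in ids}
            if switch_path(links, sw_a, sw_b, carrying) is None:
                physical = switch_path(links, sw_a, sw_b) or []
                missing = [sw for sw in physical if sw not in carrying]
                findings.append((a, b, vlan_a, missing))
    return findings


if __name__ == "__main__":
    print(audit(LINKS, VLANS, HOSTS))
```

Running the same audit after adding VLAN 3 to the SW2 entry returns an empty list, matching step 19.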


Types of VLANs

1. Static VLAN

Static VLANs, also known as port-based VLANs, are the most common way of implementing VLANs today. The network administrator explicitly specifies, by manual configuration, which VLAN each switch port belongs to. When a user host is connected to a switch port, it is assigned to the corresponding VLAN.

This mapping of ports and VLANs is only valid locally, and this information cannot be shared between switches.

2. Dynamic VLAN

There are many ways to implement dynamic VLANs; the most common is based on MAC addresses. With a MAC-based dynamic VLAN, a host is automatically assigned to the appropriate VLAN based on its MAC address. The great advantage of this approach is that VLANs do not have to be reconfigured when a user physically moves, that is, when the user changes from one switch to another. The disadvantage is that every user must be configured during initial setup, and with hundreds or even thousands of users the configuration work becomes very heavy. For this reason, this approach is not usually used in large local area networks.

Creating VLANs

VLAN database configuration mode. This mode supports only the normal VLAN range (1-1005).

Global configuration mode. This mode supports not only the normal VLAN range but also the extended VLAN range, which cannot be configured in VLAN database configuration mode.

To delete a VLAN with ID 20, use the no vlan vlan-id command. The procedure is as follows:

VLANs can also be removed from the VLAN database. The procedure is as follows:

Add the port of the switch to the appropriate VLAN

You can use the command default interface interface-id to restore the interface to its default configuration.

Commands for viewing VLAN information

Command for viewing information about a specific VLAN

Troubleshooting the Trunk

1. Interface mode

Ensure that the trunk mode on at least one side of the link is trunk or desirable. The trunk configuration of an interface can be verified with the command show interface interface-id trunk.

2. Encapsulation type

Ensure that the trunk encapsulation type is compatible at both ends of the link.

3. Native VLAN

If you are using 802.1Q encapsulation, make sure that the native VLAN configuration is the same on both sides of the trunk link.

Configuration of the Ethernet channel

Configure the Ethernet channel in the topology shown.

The configuration on switch A is as follows:

Switch B is configured in the same way as switch A.

View the Ethernet channel configuration; output like the following indicates that the configuration is correct.

Switch A:

Switch B:
